Date:      Fri, 25 Feb 2022 10:18:22 +0800
From:      Zhenlei Huang <zlei.huang@gmail.com>
To:        Sami Halabi <sodynet1@gmail.com>
Cc:        freebsd-jail@freebsd.org, freebsd-net@freebsd.org, freebsd-emulation@freebsd.org, FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: linux debian jail - network problems
Message-ID:  <8020452A-63EA-4424-8D20-CC9B9397B603@gmail.com>
In-Reply-To: <CAEW%2BogZTfDYOm9dfkrp=Go5tAY2FsGuM2zTDRVcH41WNG2eR6A@mail.gmail.com>
References:  <CAEW%2BogZpopx%2B9EPDY5hddqh5BfsVmZcZJrYtYLRF7gPgvHg%2BvA@mail.gmail.com> <CAEW%2BogZTfDYOm9dfkrp=Go5tAY2FsGuM2zTDRVcH41WNG2eR6A@mail.gmail.com>

Hi,
You can also track the WIP netlink feature, https://reviews.freebsd.org/D33975

> On Feb 25, 2022, at 4:05 AM, Sami Halabi <sodynet1@gmail.com> wrote:
> 
> Hi,
> Added Current, maybe I will be lucky ;)
> 
> Does anyone have an idea how to approach and fix this?
> 
> Sami
> 
> On Tue, Feb 22, 2022, 23:30, Sami Halabi <sodynet1@gmail.com> wrote:
> Hi all,
> sorry for the cross post but I need help and I'm not sure where it hangs.
> 
> I create a Linux jail (Debian bullseye) via cbsd.
> The jail is being populated with the Debian userland..
> So far so good... services are running (sshd) and I can log in to the jail, I can also update packages and I can install apache httpd and all works fine (apt install or make from src).
> I also manage to install packages even if their scripts depend on the "ip" command, which fails:
> cbsd@j2> ip
> Cannot open netlink socket: Address family not supported by protocol
> 
> ifconfig shows empty interfaces:
> cbsd@j2> ifconfig
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>         ether 00:50:56:0a:b3:a0  (Ethernet)
>         RX packets 139798314  bytes 12029597009 (11.2 GiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 26879143  bytes 34400160833 (32.0 GiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> lo0: flags=4169<UP,LOOPBACK,RUNNING,MULTICAST>  mtu 16384
>         loop  (Local Loopback)
>         RX packets 28548  bytes 160312960 (152.8 MiB)
>         RX errors 0  dropped 0  overruns 0  frame 0
>         TX packets 28548  bytes 160312960 (152.8 MiB)
>         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
> 
> I know Linux emulation doesn't implement netlink.. so what I do is fake the response by replacing /bin/ip with a bash script that prints the correct IP and fakes some other (needed by packages I installed):
> #!/bin/bash
> # Stand-in for /bin/ip: prints canned output instead of querying netlink.
> if [ "$1" = "-o" ]; then
>         # one-line (-o) address listing
>         echo "1: eth0 inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0"
> elif [ "$1" = "route" ]; then
>         if [ "$2" = "get" ]; then
>                 echo "8.8.8.8 via  192.168.1.2   dev eth0  src  192.168.1.2  "
>         else
>                 echo "default via  192.168.1.2   dev eth0"
>         fi
> else
>         # any other invocation: link and address summary
>         echo "1: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000"
>         echo "  inet  192.168.1.2  /24 brd  192.168.1.255 scope global eth0"
> fi
> 
> 
> Still, ifconfig shows no IP... it's time to say it's a regular jail and *NOT* VNET.
> 
> *However*, packages that pull IPs via libraries fail..
> E.g.: installed bind916 (name); in the logs I see these errors (relevant only):
> cbsd@j2> service named start
> Starting domain name service...: namednamed: prctl(PR_SET_DUMPABLE) failed: Invalid argument
> cbsd@j2>
> 
> 
> log file shows:
> 22-Feb-2022 23:11:58.705 general: notice: BIND 9 is maintained by Internet Systems Consortium,
> 22-Feb-2022 23:11:58.705 general: notice: Inc. (ISC), a non-profit 501(c)(3) public-benefit
> 22-Feb-2022 23:11:58.705 general: notice: corporation.  Support and training for BIND 9 are
> 22-Feb-2022 23:11:58.705 general: notice: available at https://www.isc.org/support
> 22-Feb-2022 23:11:58.705 general: notice: ----------------------------------------------------
> 22-Feb-2022 23:11:58.705 general: info: found 6 CPUs, using 6 worker threads
> 22-Feb-2022 23:11:58.705 general: info: using 6 UDP listeners per interface
> 22-Feb-2022 23:11:58.705 general: info: using up to 21000 sockets
> 22-Feb-2022 23:11:58.715 general: info: loading configuration from '/etc/bind/named.conf'
> 22-Feb-2022 23:11:58.715 general: info: reading built-in trust anchors from file '/etc/bind/bind.keys'
> 22-Feb-2022 23:11:58.715 general: info: looking for GeoIP2 databases in '/usr/share/GeoIP'
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv4 port range: [1024, 65535]
> 22-Feb-2022 23:11:58.715 general: info: using default UDP/IPv6 port range: [1024, 65535]
> 22-Feb-2022 23:11:58.715 network: info: no IPv6 interfaces found
> 22-Feb-2022 23:11:58.715 general: error: ifiter_getifaddrs.c:79: unexpected error:
> 22-Feb-2022 23:11:58.715 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:11:58.715 network: warning: not listening on any interfaces
> *snip*
> *snip*
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: notice: couldn't add command channel 127.0.0.1#953: permission denied
> 22-Feb-2022 23:11:58.735 zoneload: info: managed-keys-zone: loaded serial 24
> 22-Feb-2022 23:11:58.735 zoneload: info: zone 0.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(512, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.735 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.735 general: error: setsockopt(513, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 255.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.745 zoneload: info: zone j1.royalshells.com/IN: loaded serial 2022022106
> 22-Feb-2022 23:11:58.745 notify: info: zone j1.royalshells.com/IN: sending notifies (serial 2022022106)
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(514, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone localhost/IN: loaded serial 2
> 22-Feb-2022 23:11:58.745 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.745 general: error: setsockopt(515, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:11:58.745 zoneload: info: zone 127.in-addr.arpa/IN: loaded serial 1
> 22-Feb-2022 23:11:58.745 general: notice: all zones loaded
> 22-Feb-2022 23:11:58.745 general: notice: running
> 22-Feb-2022 23:11:58.795 general: error: socket.c:2405: unexpected error:
> 22-Feb-2022 23:11:58.795 general: error: setsockopt(50, IP_RECVTOS) failed: Protocol not available
> 22-Feb-2022 23:12:58.811 general: error: ifiter_getifaddrs.c:79: unexpected error:
> 22-Feb-2022 23:12:58.811 general: error: getting interface addresses: getifaddrs: Address family not supported by protocol
> 22-Feb-2022 23:12:58.811 network: warning: not listening on any interfaces
> 
> Any idea how to fix this??
> 
> cbsd@j2> named -V
> BIND 9.16.22-Debian (Extended Support Version) <id:59bfaba>
> running on Linux x86_64 3.2.0 FreeBSD 12.3-RELEASE-p1 GENERIC
> 
> installing newer versions 
> 
> I also have problems with the dovecot mail package.. but will leave it for now
> 
> Thanks in advance,
> Sami
> 
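
A small probe for the three calls that fail in the quoted output and logs, meant to be compiled and run inside the Linux jail. This is an added example, not code from the thread, FreeBSD or BIND; the function names and the choice of a UDP socket for the IP_RECVTOS check are assumptions.

```c
#include <errno.h>
#include <ifaddrs.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>
#include <linux/netlink.h>

/* Each probe returns 0 on success, otherwise the errno of the failing call. */

/* What "ip" needs first: an rtnetlink socket. */
int probe_netlink(void) {
    int fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* glibc implements getifaddrs() on top of rtnetlink, so it fails the same way. */
int probe_getifaddrs(void) {
    struct ifaddrs *ifa = NULL;
    if (getifaddrs(&ifa) != 0) return errno;
    freeifaddrs(ifa);
    return 0;
}

/* The option named's socket.c reports as failing (UDP socket assumed here). */
int probe_recvtos(void) {
    int on = 1, err = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return errno;
    if (setsockopt(fd, IPPROTO_IP, IP_RECVTOS, &on, sizeof on) != 0) err = errno;
    close(fd);
    return err;
}

/* Translate an errno into what it says about the emulation layer. */
const char *verdict(int err) {
    switch (err) {
    case 0:            return "supported";
    case EAFNOSUPPORT: return "address family not implemented";
    case ENOPROTOOPT:  return "socket option not implemented";
    default:           return "other failure";
    }
}

int main(void) {
    const char *name[3] = { "socket(AF_NETLINK)", "getifaddrs()", "setsockopt(IP_RECVTOS)" };
    int r[3] = { probe_netlink(), probe_getifaddrs(), probe_recvtos() };
    for (int i = 0; i < 3; i++)
        printf("%-24s %s (%s)\n", name[i], verdict(r[i]), r[i] ? strerror(r[i]) : "ok");
    return r[0] || r[1] || r[2];   /* non-zero exit if any gap was found */
}
```

EAFNOSUPPORT and ENOPROTOOPT are the errno values behind the "Address family not supported by protocol" and "Protocol not available" messages in the logs above.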

